Managing the Threat Landscape for SAP Systems
Five years ago, the size of a standard printer driver was measured in kilobytes. Today, most drivers use hundreds of megabytes of disk space. As programs have grown to provide more functionality to users, so has the number of software vulnerabilities. The general rule of thumb is that there are between 5 and 20 programming flaws in every thousand lines of code. The number of code lines in SAP software measures in millions.
Programming flaws are not the only source of vulnerabilities. SAP systems include a variety of components that, if improperly configured, may expose resources to internal or external attack. Enabling remote access to the Gateway Server, for example, can allow hackers to intercept and alter data traffic or shut down SAP services.
When programming flaws and improper configuration are combined with internet connectivity, the risks become even greater. Today, most SAP systems are Web-enabled, seamlessly connecting employees, customers and suppliers across the world.
Traditionally, organisations have relied upon network-level controls to protect information assets. Despite the prevalence of firewalls and intrusion detection systems, network breaches continue to plague companies. This is because network-level controls do not effectively filter malicious access to critical systems. Firewalls, for instance, screen for low-level attacks based on domain names or IP addresses. While next-generation, deep-packet inspection firewalls offer greater protection, performance concerns and high costs ensure they are impractical for most companies.
The weaknesses in network defenses are widely known and have been demonstrated by numerous well-publicized data breaches. The successful attacks at RSA, Sony and Heartland Payment Systems would not have been possible if network-level appliances were up to the task.
These drawbacks have shifted the spotlight to the next layer of defense: host-level protection. Unfortunately, the reliance placed upon network controls by most companies has led to a widespread neglect of this vital area of system security. As a result, once a network is breached, there is very little to prevent attackers from accessing systems and data.
“The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable” - Sun Tzu
Vulnerability management is the cornerstone of a strong host-level security strategy. It greatly reduces the risk of compromise to business-critical systems in the event of a network breach. It is a proven, effective method used by organisations worldwide to harden systems and protect the confidentiality, integrity and availability of information.
Vulnerability management refers to the process of proactively detecting, removing and monitoring threats to information systems before they are discovered and exploited by attackers. This includes programming flaws, configuration errors and missing security patches. Theoretically, the process can be manual but given the complexity and volume of most vulnerabilities, it is usually performed through vulnerability assessment software. These tools can scan and detect vulnerabilities far more effectively and cost-efficiently than manual reviews. They are also able to rate and prioritize vulnerabilities based on risk.
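As an added example (not code from the original article or from Layer Seven Security's tooling), the script below applies the detect-and-rate process just described to the Gateway exposure mentioned earlier: it parses an SAP gateway registration ACL (the reginfo file named by profile parameter gw/reg_info) and ranks permissive entries by risk. The file contents are constructed, and the HIGH/MEDIUM ratings are this example's own assumption.

```python
from collections import namedtuple

# Constructed sample of an SAP gateway reginfo ACL (the file named by profile
# parameter gw/reg_info); documented line syntax, made-up entries.
SAMPLE_REGINFO = """#VERSION=2
P TP=* HOST=* ACCESS=* CANCEL=*
P TP=RFCEXEC HOST=* ACCESS=internal CANCEL=internal
P TP=TAXSERVER HOST=10.0.5.20 ACCESS=10.0.0.0/16 CANCEL=local
D TP=* HOST=*
"""

Finding = namedtuple("Finding", "line_no entry risk reason")

def parse_acl_line(line):
    """Split a 'P ...' or 'D ...' rule into (action, {KEY: value}); None otherwise."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ("P", "D"):
        return None
    return parts[0], dict(p.split("=", 1) for p in parts[1:] if "=" in p)

def rate_entry(action, fields):
    """Risk rating for a permit rule (the ratings are this example's assumption)."""
    if action != "P":
        return None
    tp, host = fields.get("TP", "*"), fields.get("HOST", "*")
    access = fields.get("ACCESS", "*")  # an omitted ACCESS clause means any host
    if tp == "*" and host == "*":
        return "HIGH", "any host may register any program name at the gateway"
    if host == "*":
        return "MEDIUM", f"program {tp} may be registered from any host"
    if access == "*":
        return "MEDIUM", f"registered program {tp} is callable from any host"
    return None

def audit_reginfo(text):
    """Detect and rank permissive rules; does not model first-match rule order."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_acl_line(line)
        rated = rate_entry(*parsed) if parsed else None
        if rated:
            findings.append(Finding(no, line, *rated))
    return sorted(findings, key=lambda f: ("HIGH", "MEDIUM").index(f.risk))

for f in audit_reginfo(SAMPLE_REGINFO):
    print(f"[{f.risk}] line {f.line_no}: {f.entry} -- {f.reason}")
```

Because the gateway applies the first matching rule, a permissive rule placed above a restrictive one still wins; the ranking here is a detection aid, not a substitute for reviewing rule order.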
Another added benefit of vulnerability assessment software is that it can demonstrate policy compliance for internal and external auditors against standards such as Basel II, GLBA, HIPAA, FISMA, PCI DSS and SOX.
The advanced analytical, monitoring and reporting capabilities provided by vulnerability assessments enable organizations to safeguard information assets and ensure business continuity. The return on investment for assessment services or solutions is significant when measured against the cost of responding to a data breach. According to a 2010 study performed by the Ponemon Institute, the average cost of a data breach is $7.2 million.
Beat Fraud, Stay Compliant and Reduce Audit Costs
Layer Seven Security perform integrated security assessments for SAP systems. We partner with leading software vendors to deliver automated assessments that detect vulnerabilities in SAP applications, platforms and programs. Learn how Layer Seven Security can manage risks in your SAP environment.
Get to Know Us
Layer Seven Security specialize in managing risks in SAP systems. We deliver integrated services that detect and remediate vulnerabilities at all levels in SAP landscapes.